Ban Wang,Youmin Zhang

DOI: https://doi.org/10.1142/s2301385017400052

2020-01-01

Abstract:Sliding mode control (SMC) is known as a robust control method to maintain system performance and keep it insensitive to system uncertainties. To achieve this objective, the knowledge of the uncertainty bound is usually needed, but sometimes it could be a hard task. Hence, the adaptive technology is introduced to be synthesized with SMC. In this paper, a novel adaptive SMC (ASMC) scheme is proposed to accommodate system uncertainties caused by actuator faults. An integral sliding mode controller is used as the baseline controller. When actuator faults occur, there is no need to know the exact bound of the uncertainties in control effectiveness matrix. The post-fault control effectiveness matrix can be estimated by the proposed adaptive control scheme, and the control inputs will be changed accordingly. In such a way, the robustness of the controller to actuator faults is improved. With the help of adaptive change of both continuous and discontinuous control parts, a minimum value of the discontinuous control gain can be guaranteed. In this case, the resulting control effort is reduced accordingly to avoid control chattering effect. Owing to the minimized control effort to accommodate uncertainties compared to the conventional SMC, the proposed ASMC can still maintain the system performance when severer faults occur. The effectiveness of the developed algorithm is demonstrated by the simulation results based on an unmanned quadrotor helicopter under various faulty conditions.

Asma Tabassum,He Bai

DOI: https://doi.org/10.1016/j.ast.2021.107323

2021-03-14

Abstract:This paper develops and evaluates the performance of an allocation agent to be potentially integrated into the onboard Detect and Avoid (DAA) computer of an Unmanned Aircraft System (UAS). We consider a UAS that can be fully controlled by the onboard DAA system and by a remote human pilot. With a communication channel prone to latency, we consider a mixed initiative interaction environment, where the control authority of the UAS is dynamically allocated by the allocation agent. In an encounter with a dynamic intruder, the probability of collision may increase in the absence of pilot commands in the presence of latency. Moreover, a delayed pilot command may not result in safe resolution of the current scenario and need to be improvised. We design an optimization algorithm to reduce collision risk and refine delayed pilot commands. Towards this end, a Markov Decision Process (MDP)and its solution are employed to create a wait time map. The map consists of estimated times that the UAS can wait for the remote pilot commands at each state. A command blending algorithm is designed to select an avoidance maneuver that prioritizes the pilot intention extracted from the pilot commands. The wait time map and the command blending algorithm are implemented and integrated into a closed-loop simulator. We conduct ten thousands fast-time Monte Carlo simulations and compare the performance of the integrated setup with a standalone DAA setup. The simulation results show that the allocation agent enables the UAS to wait without inducing any near mid air collision (NMAC) and severe loss of well clear (LoWC) while positively improve pilot involvement in the encounter resolution.

Systems and Control,Human-Computer Interaction

Maryam Nezami,Hossam Seddik Abbas,Georg Schildbach,Georg Mannel

DOI: https://doi.org/10.23919/ecc54610.2021.9655155

2021-06-29

Abstract:This paper presents a novel, safe control architecture (SCA) for controlling an important class of systems: safety-critical systems. Ensuring the safety of control decisions has always been a challenge in automatic control. The proposed SCA aims to address this challenge by using a Model Predictive Controller (MPC) that acts as a supervisor for the operating controller, in the sense that the MPC constantly checks the safety of the control inputs generated by the operating controller and intervenes if the control input is predicted to lead to a hazardous situation in the foreseeable future invariably. Then an appropriate backup scheme can be activated, e.g., a degraded control mechanism, the transfer of the system to a safe state, or a warning signal issued to a human supervisor. For a proof of concept, the proposed SCA is applied to an autonomous driving scenario, where it is illustrated and compared in different obstacle avoidance scenarios. A major challenge of the SCA lies in the mismatch between the MPC prediction model and the real system, for which possible remedies are explored.

Zuocheng Liu,Evgeny Neretin,Xiaoguang Gao,Kaifang Wan

DOI: https://doi.org/10.1109/iccre61448.2024.10589872

2024-01-01

Abstract:Compared to existing traffic alert and collision avoidance systems (TCAS), the development of the new Airborne Collision Avoidance System X (ACAS X) adopts a model-based optimization approach to enhance airspace safety and operational efficiency. However, limitations such as the generation of massive numerical tables during development and the separation of development and evaluation processes hinder the system's maintenance and further application in avionics systems. Therefore, in this study, we tackle the aircraft collision avoidance problem using deep reinforcement learning methods, which substantially reduce storage requirements and enable self-updating during interaction with the environment, thus streamlining the development process. Our contributions include constructing a simulation environment for aircraft collision avoidance and establishing a reward system. Through three different reinforcement learning methods, we address collision avoidance while considering aircraft scheduling issues. Simulation results demonstrate the effectiveness of reinforcement learning in tackling aircraft collision avoidance and airspace scheduling problems.

Liu Zuocheng,Neretin Evgeny,Gao Xiaoguang,Wan Kaifang

DOI: https://doi.org/10.1109/ICCSI58851.2023.10303964

2023-01-01

Abstract:Compared with the existing Traffic Alert and Collision Avoidance System (TCAS), the development of the new system, Airborne Collision Avoidance System X (ACAS X), uses a model-based optimization method to improve airspace safety and operational efficiency. However, due to the opacity of the model-based optimization method in the process of automatically generating logic, the resolution advisory issued by ACAS X are often misunderstood or difficult for pilots to accept. In this paper, first we introduce the development process of ACAS X, and then analyze the natural shortcomings of ACAS X and the evaluation metrics for ACAS X optimization from the perspective of human factors engineering. Finally, we propose a method for evaluating the pilot acceptability of collision avoidance system based on Genetic Algorithm (GA). This method is used to find high collision risk encounters where ACAS X tends to issue advisories that are not conducive to the pilot's acceptance, so as to evaluate the pilot's acceptability of the collision avoidance system. The final simulation results demonstrate the effectiveness of the method.

Siddhartha Bhattacharyya,Jennifer Davis,Anubhav Gupta,Nandith Narayan,Michael Matessa

DOI: https://doi.org/10.4204/EPTCS.348.11

2021-10-25

Abstract:As aircraft systems become increasingly autonomous, the human-machine role allocation changes and opportunities for new failure modes arise. This necessitates an approach to identify the safety requirements for the increasingly autonomous system (IAS) as well as a framework and techniques to verify and validate that an IAS meets its safety requirements. We use Crew Resource Management techniques to identify requirements and behaviors for safe human-machine teaming behaviors. We provide a methodology to verify that an IAS meets its requirements. We apply the methodology to a case study in Urban Air Mobility, which includes two contingency scenarios: unreliable sensor and aborted landing. For this case study, we implement an IAS agent in the Soar language that acts as a copilot for the selected contingency scenarios and performs takeoff and landing preparation, while the pilot maintains final decision authority. We develop a formal human-machine team architecture model in the Architectural Analysis and Design Language (AADL), with operator and IAS requirements formalized in the Assume Guarantee REasoning Environment (AGREE) Annex to AADL. We formally verify safety requirements for the human-machine team given the requirements on the IAS and operator. We develop an automated translator from Soar to the nuXmv model checking language and formally verify that the IAS agent satisfies its requirements using nuXmv. We share the design and requirements errors found in the process as well as our lessons learned.

Software Engineering,Human-Computer Interaction,Logic in Computer Science

Qi Yao,Fuping Zeng,Yizhuo Zhang,Minghao Yang,Zhiyu Duan,Shunkun Yang

DOI: https://doi.org/10.1109/qrs54544.2021.00046

2021-01-01

Abstract:The flight reliability has been receiving considerable attention. However, the ability of the aircraft recovers to normal flight state from a perturbation were not considered under most circumstances. In this study, a simulation based intelligent analysis framework is proposed to identify the reliability, resilience and vulnerability states of Boeing 737 MAX aircraft disturbed by Maneuvering Characteristics Augmentation System (MCAS) system abnormal activation during the flight. Multiswarm particle swarm optimization (multiswarm PSO) algorithm based test cases generation strategy, aircraft failure behavior model which reflects aerodynamics of the aircraft after the horizontal stabilizer deflection caused by MCAS abnormal activation, JSBSim and FlightGear based co-simulation with aerodynamic and visual characteristics and neural network based flight states identification method constitute the proposed framework. Study results show that the proposed method can cover the margin of resilience and vulnerability quickly and the classification model can identify aircraft flight reliability, resilience and vulnerability states corresponding to different inputs accurately. The proposed framework can be used to validate the flight reliability and system resilience in a more efficient way.

Seref Demirci

DOI: https://doi.org/10.1108/aeat-03-2021-0069

2021-08-27

Aircraft Engineering and Aerospace Technology

Abstract:Purpose This paper aims to show the current situation and additional requirements for the aircraft automation systems based on the lessons learned from the two 737 MAX crashes. Design/methodology/approach In this study, the Swiss cheese model was used to find the real root causes of the 737 MAX accidents. Then, the results have been compared with the actions taken by the manufacturers and authorities. Based on the comparison, the necessary improvements to prevent such accidents are defined. Regarding the faulty sensor that forms the accidents, a synthetic sensor was developed using an aerodynamic model. Findings It has been proven that the safety-critical automation systems should not be designed by relying on a single set of sensor data. Automation levels should be defined in a standard way. Depending on the defined automation level, the system must be designed as either fail-safe or fail-operational system. When designing backup systems, it should be decided by looking at not only whether it has power but also the accuracy of the incoming signals. Practical implications Aviation certification requirements related to automation systems need to be revised and improved. With this context, it was revealed that the certification processes for automation systems should be re-evaluated and updated by aviation authorities, especially Federal Aviation Administration and European Union Aviation Safety Agency. Originality/value Task sharing between automation system and pilot based on the classification of automation levels and determining certification requirements accordingly has been brought to the agenda. A synthetic Angle of Attack sensor was developed by using an aerodynamic model for fault detection and diagnosis.

engineering, aerospace

Tingting Cheng,Erik A. Veitch,Ingrid Bouwer Utne,Marilia A. Ramos,Ali Mosleh,Ole Andreas Alsos,Bing Wu

DOI: https://doi.org/10.1016/j.ress.2024.110080

IF: 7.247

2024-03-16

Reliability Engineering & System Safety

Abstract:Human-autonomy collaboration plays a pivotal role in the development of Maritime autonomous surface ships (MASS), as Shore control center (SCC) operators may engage in the control loop by directly operating the MASS, or, in the supervisory loop, monitoring the MASS and taking over control when needed. Thus, efficient human performance during takeover control and operation is crucial for the safety of MASS operations. However, since the MASS is still in the early phase of development, the mechanism of human errors is unknown, and the data on human-autonomy collaborative operation is scarce. Human reliability analysis (HRA) aims to assess human errors qualitatively and quantitatively, and is widely used in various complex systems to help safety analysis. This study is dedicated to incorporating advanced HRA methods elements to identify and quantify human errors during taking over control and operation of a MASS in collision avoidance scenarios. It presents virtual experimental results, combined with theoretical human error identification and assessment methods. At first, we apply the Human-System Interaction in Autonomy (H-SIA) method to identify potential human errors; secondly, we identify relevant Performance Shaping Factors (PSFs) including Experience, Boredom, Task complexity, Available time and Pre-warning, and performance measures of the human errors, and implement them in the virtual experiment based on a full-scale autonomous ferry research vessel called milliAmpere2. Finally, we build a Bayesian Network (BN) to present causal and probabilistic relationships between PSFs and human errors through experimental data. The results show that available time has the highest impact on takeover performance of operators, followed by task complexity and pre-warning. Boredom does not present a significant sole impact unless combined with available time. Experience does not show a significant impact on human performance. In addition to the relevance of the human errors analysis to the safe development and operational design of MASS, the developed method benefits other human-autonomy collaborative systems. The developed BN model shows adaptability to assess human error probabilities, and the practical significance of integrating experimental data into the existing HRA methodologies for complex systems.

engineering, industrial,operations research & management science

Matthew Smith,Martin Strohmeier,Vincent Lenders,Ivan Martinovic

DOI: https://doi.org/10.48550/arXiv.2010.01034

2020-10-02

Abstract:Airborne collision avoidance systems provide an onboard safety net should normal air traffic control procedures fail to keep aircraft separated. These systems are widely deployed and have been constantly refined over the past three decades, usually in response to near misses or mid-air collisions. Recent years have seen security research increasingly focus on aviation, identifying that key wireless links---some of which are used in collision avoidance---are vulnerable to attack. In this paper, we go one step further to understand whether an attacker can remotely trigger false collision avoidance alarms. Primarily considering the next-generation Airborne Collision Avoidance System X (ACAS X), we adopt a modelling approach to extract attacker constraints from technical standards before simulating collision avoidance attacks against standardized ACAS X code. We find that in 44% of cases, an attacker can successfully trigger a collision avoidance alert which on average results in a 590 ft altitude deviation; when the aircraft is at lower altitudes, this success rate rises considerably to 79%. Furthermore, we show how our simulation approach can be used to help defend against attacks by identifying where attackers are most likely to be successful.

Cryptography and Security

Yulu Dai,Chen Wang,Yuanchang Xie

DOI: https://doi.org/10.1016/j.aap.2023.106975

2023-01-25

Abstract:The concepts of Connected and Automated Vehicles (CAV) and vehicle platooning have generated high expectations regarding the safety performance of future transportation systems. Existing CAV longitudinal control research primarily focuses on efficiency and control stability, by considering different inter-vehicle spacing policies. In very few cases, safety was also considered as a constraint, but not in the main control objectives. Theoretically, stability can only guarantee that CAV platoons eventually achieve an equilibrium state but is unable to promise safety along the process of achieving equilibrium. It is important to note that CAV does not mean absolutely safe, and its longitudinal or platoon control safety performance depends on how the control algorithms are designed, how accurately it can detect and predict its lead vehicle's (could be a human-driven vehicle) next move, and other practical factors such as control and communication delays. To optimize CAV platoon safety, this study integrates surrogate safety measures (SSM) and model predictive control (MPC) into CAV longitudinal control for trajectory optimization. SSM has been widely adopted for modeling the safety consequences of various vehicle control strategies and identifying near-crash events from either simulated or field-captured traffic data. This study directly incorporates three typical SSM into the longitudinal control objectives of CAV and constructs a state-space MPC algorithm to model how these SSM vary as a result of CAV dynamics. Numerical examples are provided to show the performance of these SSM-based optimal CAV longitudinal control methods under traffic flow perturbations. To further confirm the necessity of explicitly considering SSM in CAV longitudinal control and its effectiveness in reducing rear-end collision risk, the proposed methods are compared with three classical longitudinal control models that do not consider SSM based on microscopic traffic simulation. It is noted that all SSM-based optimal control methods perform better than others as manifested by some key risk indicators, demonstrating the importance of explicitly considering SSM and safety in CAV longitudinal control.

public, environmental & occupational health,transportation,ergonomics,social sciences, interdisciplinary

Isha Panchal,Sophie F. Armanini,Isabel C. Metz

DOI: https://doi.org/10.48550/arXiv.2311.18047

IF: 6.4588

2023-11-29

Human-Computer Interaction

Abstract:Urban Air Mobility is a new concept of regional aviation that has been growing in popularity as a solution to the issue of ever-increasing ground traffic. Electric vehicles with vertical take-off and landing capabilities are being developed by numerous market companies as a result of the push toward environmentally sustainable aviation. The next stage in the eVTOL development process would be to define the concept of operation of these conceptual aircraft and then to integrate them with the existing airspace once they are airborne. In addition to coordinating with conventional air traffic and other Urban Air Mobility (UAM) vehicles, collision avoidance with uncooperative airspace users has to be addressed. Birds and drones of all sizes could be dangerous for these low-flying aircraft. Innovative collision detection and avoidance techniques need to be employed due to the uncooperative nature of these airspace users and different performance characteristics of urban air mobility vehicles compared to classical fixed-wing aircraft. The aim of this study is to validate one such system by means of fast-time solutions. This system uses a decision tree and safety envelopes to prevent collisions with non-cooperative airspace members. The system is designed to work with different aircraft configurations used for Urban Air Mobility (UAM) operations. Various scenarios are modelled by varying intruder type, location, flight path among others. Changes in flight time and closest point of approach are assessed to evaluate the system with regard to safety and efficiency.

Xi Chen,Yu Wan,Songyang Lao

DOI: https://doi.org/10.3390/sym12060985

2020-01-01

Symmetry

Abstract:The Traffic Alert and Collision Avoidance System (TCAS) is recognized worldwide as the last resort for avoiding midair collisions. The existing TCAS can solve pairwise conflict effectively, but cannot manage multi-aircraft conflict satisfactorily, and more seriously, can even trigger domino conflicts in some situation. In response to the increasingly frequent multi-aircraft conflicts, especially three-aircraft conflicts, it is necessary to improve the ability of TCAS. This paper studies the collision avoidance of multi-aircraft scenarios and innovatively proposes a collaborative optimization of a collision avoidance system (CAS) based on the state prediction of the aircraft. In the process, not only invading aircraft but also potential invading aircraft are considered in the plan for an optimal conflict resolution program. From the perspective of mathematics, the collaborative multi-aircraft conflict detection and resolution algorithm is described in detail in this paper. In the end, this paper conducts a comparative experiment to prove the feasibility of the algorithm in three-aircraft scenarios using InCAS software and Gmas simulation software based on graphical modeling of complex systems. The experimental results show that the CAS proposed in this paper can efficiently prevent the occurrence of domino conflicts and guide each aircraft to avoid conflict areas and return to their origin trajectories. In contrast, the existing TCAS will cause the target aircraft to intensify the conflict with the potential invading aircraft when avoiding intruder aircraft. The research greatly remedies the gaps in the area of multi-aircraft collision avoidance and greatly improves the ability and efficiency of TCAS.

Kirsty M. Lynch,Victoria A. Banks,Stewart Radcliffe,Katherine L. Plant,Aaron P. J. Roberts

DOI: https://doi.org/10.1080/00140139.2022.2126896

IF: 2.5612

2022-09-27

Ergonomics

Abstract:Interest in Maritime Autonomous Surface Ships (MASS) is increasing as it is predicted that they can bring improved safety, performance and operational capabilities. However, their introduction is associated with a number of enduring Human Factors challenges (e.g. difficulties monitoring automated systems) for human operators, with their 'remoteness' in shore-side control centres exacerbating issues. This paper aims to investigate underlying decision-making processes of operators of uncrewed vehicles using the theoretical foundation of the Perceptual Cycle Model (PCM). A case study of an Unmanned Aerial Vehicle (UAV) accident has been chosen as it bears similarities to the operation of MASS through means of a ground-based control centre. Two PCMs were developed; one to demonstrate what actually happened and one to demonstrate what should have happened. Comparing the models demonstrates the importance of operator situational awareness, clearly defined operator roles, training and interface design in making decisions when operating from remote control centres. Practitioner Summary: To investigate underlying decision-making processes of operators of uncrewed vehicles using the Perceptual Cycle Model, by using an UAV accident case study. The findings showed the importance of operator situational awareness, clearly defined operator roles, training and interface design in making decisions when monitoring uncrewed systems from remote control centres.

engineering, industrial,ergonomics,psychology, applied

Quan Quan,Zhiyao Zhao,Liyong Lin,Peng Wang,Walter Murray Wonham,Kai-Yuan Cai

DOI: https://doi.org/10.1049/iet-csr.2019.0039

2017-04-27

Abstract:In order to handle undesirable failures of a multicopter which occur in either the pre-flight process or the in-flight process, a failsafe mechanism design method based on supervisory control theory is proposed for the semi-autonomous control mode. Failsafe mechanism is a control logic that guides what subsequent actions the multicopter should take, by taking account of real-time information from guidance, attitude control, diagnosis, and other low-level subsystems. In order to design a failsafe mechanism for multicopters, safety issues of multicopters are introduced. Then, user requirements including functional requirements and safety requirements are textually described, where function requirements determine a general multicopter plant, and safety requirements cover the failsafe measures dealing with the presented safety issues. In order to model the user requirements by discrete-event systems, several multicopter modes and events are defined. On this basis, the multicopter plant and control specifications are modeled by automata. Then, a supervisor is synthesized by monolithic supervisory control theory. In addition, we present three examples to demonstrate the potential blocking phenomenon due to inappropriate design of control specifications. Also, we discuss the meaning of correctness and the properties of the obtained supervisor. This makes the failsafe mechanism convincingly correct and effective. Finally, based on the obtained supervisory controller generated by TCT software, an implementation method suitable for multicopters is presented, in which the supervisory controller is transformed into decision-making codes.

Systems and Control

Xuewu Ji,Cong Fei,Tao Xu,Xiangkun He

DOI: https://doi.org/10.1504/ijvd.2020.115062

IF: 2.037

2020-01-01

International Journal of Vehicle Design

Abstract:Autonomous vehicles are a research area of active interest. Collision avoidance system (CAS) is one of the central concerns to provide security protection for autonomous vehicles. This paper proposes a multi-mode collision avoidance system (mCAS), which combines a trajectory prediction module, a risk assessment module and a motion planning module into the closed-loop system. At each step, the trajectory prediction module predicts the trajectories of the vehicle and surrounding vehicles. The risk assessment model calculates the collision probability and chooses reasonable control mode. Then the motion planning module designs the desired deceleration profile based on it. The car takes the first step of the planned deceleration and repeats this cycle, achieving closed-loop control. The mCAS is tested in a closed-loop simulation setup and the results show that the proposed mCAS is of good effectiveness and feasibility, which can significantly reduce collision probability as well as false alarms.

Ítalo Romani de Oliveira,José Alexandre T. Guerreiro Fregnani,Gláucia Costa Balvedi,Michael L. Ulrey,Jeffery D. Musiak

2024-07-23

Abstract:Each new concept of operation and equipment generation in aviation becomes more automated, integrated and interconnected. In the case of Unmanned Aircraft Systems (UAS), this evolution allows drastically decreasing aircraft weight and operational cost, but these benefits are also realized in highly automated manned aircraft and ground Air Traffic Control (ATC) systems. The downside of these advances is overwhelmingly more complex software and hardware, making it harder to identify potential failure paths. Although there are mandatory certification processes based on broadly accepted standards, such as ARP4754 and its family, ESARR 4 and others, these standards do not allow proof or disproof of safety of disruptive technology changes, such as GBAS Precision Approaches, Autonomous UAS, aircraft self-separation and others. In order to leverage the introduction of such concepts, it is necessary to develop solid knowledge on the foundations of safety in complex systems and use this knowledge to elaborate sound demonstrations of either safety or unsafety of new system designs. These demonstrations at early design stages will help reducing costs both on development of new technology as well as reducing the risk of such technology causing accidents when in use. This paper presents some safety analysis methods which are not in the industry standards but which we identify as having benefits for analyzing safety of advanced technological concepts in aviation.

Systems and Control

Yi Lu,Ying Qian,Huayan Huangfu,Shuguang Zhang,Shan Fu

DOI: https://doi.org/10.3390/su11041129

IF: 3.9

2019-01-01

Sustainability

Abstract:The mishap statistics of large military unmanned aerial systems (UAS) reveal that human errors and organizational flaws pose great threats to their operation safety, especially considering the future application of derived civilian types. Moreover, maintenance accidents due to human factors have reached a significant level, but have received little attention in the existing research. To ensure the safety and sustainability of large UAS, we propose a system dynamics approach to model the maintenance risk mechanisms involving organizational, human, and technical factors, which made a breakthrough in the traditional event-chain static analysis method. Using the United States Air Force (USAF) MQ-1 Predator fleet case, the derived time-domain simulation represented the risk evolution process of the past two decades and verified the rationality of the proposed model. It was identified that the effects of maintainer human factors on the accident rate exceeded those of the technical systems in a long-term view, even though the technical reliability improvements had obvious initial effects on risk reduction. The characteristics of maintainer errors should be considered in system and maintenance procedure design to prevent them in a proactive way. It is also shown that the approach-derived SD model can be developed into a semi-quantitative decision-making support tool for improving the safety of large UAS in a risk-based view of airworthiness.

Yi Lu,Huayan Huangfu,Shuguang Zhang,Shan Fu

DOI: https://doi.org/10.1007/978-3-030-22507-0_22

2019-01-01

Abstract:As revealed by the mishap causal factor statistics, flight crew error was the most critical factor to affect the safe operation of large Unmanned Aerial System (UAS). However, most research on this topic embedded their roots on event-chain based accident model or even relied on textual descriptions to discuss the risk mechanism leading to large UAS mishaps. It is hard for preventing future losses of UASs in a systemic and efficient way, especially consider the organizational context of flight crew error shaping factors. Based on the System Dynamics approach, this study proposed to illustrate the risk mechanisms that involve the interactions of organizational, flight crew and technical system factors leading to operation accident of large UASs. It aims to explain such risk interactions and helps to clarify why flight crew training always gained a delayed safety benefits on crew error reduction, especially when UAS fleet facing high mission tempos. This study also discusses the effect of flight crew self re-learning process and safety commitments on UAS operation accidents. Some Causal Loop Diagram (CLD) based conceptual models are established for future quantitative SD stock-flow simulation which can be used as organizational risk assessment tools, when considering to evaluate the medium-long term benefits of potential safety policy and management decision in the widely spreading UAS operations.

Marius Bozga,Joseph Sifakis

2024-05-20

Abstract:Developing safe autonomous driving systems is a major scientific and technical challenge. Existing AI-based end-to-end solutions do not offer the necessary safety guarantees, while traditional systems engineering approaches are defeated by the complexity of the problem. Currently, there is an increasing interest in hybrid design solutions, integrating machine learning components, when necessary, while using model-based components for goal management and planning. We study a method for building safe by design autonomous driving systems, based on the assumption that the capability to drive boils down to the coordinated execution of a given set of driving operations. The assumption is substantiated by a compositionality result considering that autopilots are dynamic systems receiving a small number of types of vistas as input, each vista defining a free space in its neighborhood. It is shown that safe driving for each type of vista in the corresponding free space, implies safe driving for any possible scenario under some easy-to-check conditions concerning the transition between vistas. The designed autopilot comprises distinct control policies one per type of vista, articulated in two consecutive phases. The first phase consists of carefully managing a potentially risky situation by virtually reducing speed, while the second phase consists of exiting the situation by accelerating. The autopilots designed use for their predictions simple functions characterizing the acceleration and deceleration capabilities of the vehicles. They cover the main driving operations, including entering a main road, overtaking, crossing intersections protected by traffic lights or signals, and driving on freeways. The results presented reinforce the case for hybrid solutions that incorporate mathematically elegant and robust decision methods that are safe by design.

Multiagent Systems